d9a9212e32e3bceb2741d7aa3c9624e95e21a384e6c4da4c9212b4a59fbc4f31

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c075fcfeecc016a58ca8dd8271b634dd_JaffaCakes118.pdf
Size

42KB
MD5

c075fcfeecc016a58ca8dd8271b634dd
SHA1

2addef27614dec4e47d07966a10156e3d8fd62c8
SHA256

d9a9212e32e3bceb2741d7aa3c9624e95e21a384e6c4da4c9212b4a59fbc4f31
SHA512

4f61a640c6d3a08449d478d07f48c5a9206e08021ad5a25cf102bf46e3b0d0f5ebec509a6639f6064bd8b8c8241280a0fa95d7b3752a4c021b14827089f061f5
SSDEEP

768:nQgGzpDxaDILn1yuANYKnFAkYgfeN3pPCQHbpM2jsSDaZ1xbzSgH82BVI:9GFtQGN5aQHNM2js2aHxbegPBVI

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1992	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1992	AcroRd32.exe
1992	AcroRd32.exe
1992	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c075fcfeecc016a58ca8dd8271b634dd_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
609774feda3e0a6b9ebada642d048ea4

SHA1
c4688d6972246fa5d0d160f630bd34aaa62871c9

SHA256
441eb1805693f47e9685411cf879007afa78a4132e297e0d3c2394571fa3da02

SHA512
649c3c94aee51ba5ff6ef22d35c2e45b3f77b37bbed5fe9880b95259dc8a7a4647fba17db2b3c4c557ea6f38fe5da461f7162978350977869034381b366b856e

Download Submit